[INTRISK-83943] default isEvalSupported to false (#184)

* default isEvalSupported to false * formatting * remove public setter
Workiva · Jan 8, 2025 · 469f34a · 469f34a
1 parent f4bcedf
commit 469f34a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/src/document_init_parameters.dart b/lib/src/document_init_parameters.dart
@@ -26,6 +26,10 @@ class DocumentInitParameters {
 
   DocumentInitParameters() {
     _jsInternal = JsObject.jsify({});
+
+    // https://www.cisecurity.org/advisory/a-vulnerability-in-mozilla-pdfjs-could-allow-for-arbitrary-code-execution_2024-046
+    // Vulnerability in Mozilla PDF.js Could Allow for Arbitrary Code Execution when isEvalSupported is set to true for PDF.js versions prior to 4.2.67.
+    _jsInternal?['isEvalSupported'] = false;
   }
 
   TypedData? get data => _jsInternal?['data'] as TypedData?;